Reply To: iptables+fireHOL not blocking IP’s
Problem 1: iptables rules not being created
When SecAst starts it creates a SECAST chain linked into your iptables’ INPUT chain like this:
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
SECAST     all  --  anywhere             anywhere
And the SECAST chain is where dropping of attackers’ IPs occurs. I see from your iptables list that the above rule is missing – and that’s why you are not able to block attacker IPs. So the question is: why is the SECAST chain rule being refused/lost? Are you updating/flushing your iptables rules (e.g. regenerating using FireHOL) after SecAst starts? Is there an error in the SecAst log upon service start indicating any iptables-related errors?
Problem 2: Attackers not detected
You did not include the [asterisk] stanza of your secast.conf, so ensure the securityevents key is blank (use the AMI), or points to a valid /var/log/asterisk/messages file. That’s usually the cause.
I suggest you stop SecAst, delete the secast log file, and restart SecAst, then manually ban 1 IP. Either post the secast log or send it to support@telium.io (if you are concerned about making content public), and we can look there for further clues.
If this is a commercial environment, keep in mind that we recommend blocking attackers at the network edge (firewall) – letting SecAst add rules to your firewall.
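The check described in Problem 1, as an added example that is not part of the original reply and is not SecAst code: it classifies `iptables -S` output by whether the SECAST chain exists and whether INPUT still jumps to it. The function names and sample rule listings are constructed for illustration, and the ban count assumes bans appear as `-j DROP` rules in the SECAST chain.

```shell
#!/bin/sh
# Reads `iptables -S` style output on stdin and prints one of:
#   chain-missing  no "-N SECAST" line (chain never created, or removed)
#   not-linked     chain exists but INPUT has no jump to it
#   linked         INPUT jumps to SECAST
secast_chain_status() {
    awk '
        $1 == "-N" && $2 == "SECAST" { chain = 1 }
        $1 == "-A" && $2 == "INPUT" {
            for (i = 3; i < NF; i++)
                if ($i == "-j" && $(i + 1) == "SECAST") linked = 1
        }
        END {
            if (!chain)       print "chain-missing"
            else if (!linked) print "not-linked"
            else              print "linked"
        }'
}

# Counts rules in the SECAST chain whose target is DROP
# (assumption: each banned IP is one "-A SECAST ... -j DROP" rule).
secast_ban_count() {
    awk '$1 == "-A" && $2 == "SECAST" && $NF == "DROP" { n++ }
         END { print n + 0 }'
}

# Constructed sample: healthy state after SecAst start and one manual ban.
SAMPLE_LINKED='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N SECAST
-A INPUT -j SECAST
-A SECAST -s 203.0.113.7/32 -j DROP'

# Constructed sample: INPUT rules were rebuilt after SecAst started,
# so the chain is still there but nothing jumps to it.
SAMPLE_UNLINKED='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N SECAST
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT'

printf '%s\n' "$SAMPLE_LINKED"   | secast_chain_status   # linked
printf '%s\n' "$SAMPLE_UNLINKED" | secast_chain_status   # not-linked
```

On a live system, run `iptables -S | secast_chain_status` as root once after SecAst starts and again after any FireHOL regeneration; a change from `linked` to `not-linked` or `chain-missing` points at the rule reload.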